Critical Cisco Vulnerability Could Have Enabled Password Changes for Any User
Cisco has patched a critical vulnerability in its Smart Software Manager On-Prem, which had a severity score of 10/10.
Cisco has recently addressed a severe security flaw in its Smart Software Manager On-Prem (SSM On-Prem) by releasing a critical patch. This vulnerability, rated with a maximum severity score of 10/10, could have allowed attackers to change any user's password, including those of administrators. Such an exploit could have led to significant security breaches, including data theft and ransomware attacks.

The Nature of the Flaw

Identified as CVE-2024-20419, this flaw originates from an incorrect implementation of the password-change process in Cisco’s software. Cisco’s advisory indicates that attackers could exploit this vulnerability by sending specially crafted HTTP requests to the affected device. Successfully exploiting this flaw would grant them access to the web interface or API with the compromised user's privileges, allowing unauthorized modifications.

The Cisco Smart Software Manager On-Prem is cru…